DDoS mitigator Akamai Technologies uncovered the toolkit, dubbed Spike, about six months ago and has stopped attacks against enterprise customers in Asia and the U.S.

One distributed denial of service attack peaked at 215 gigabits per second and 150 million packets per second.

"It was pretty impressive," David Fernandez, head of Akamai's PLXsert lab, said.

The toolkit is unique in that it can infect Linux, Windows and ARM-based systems. As a result, a Spike-based botnet could comprise PCs, servers, routers and Internet of Things (IoT) devices, such as smart thermostats.

Akamai has not seen any IoT devices in the botnet it has uncovered. However, the fact that the creators developed binary payloads for ARM and Linux suggests that attacks on IoT devices are possible.

"They could be subjected to future exploitation and infection for these types of (DDoS) campaigns," Fernandez said.

Also unusual is Spike's ability to launch different types of DDoS attacks simultaneously. For example, attackers could use four separate command-and-control servers to launch SYN, UDP, GET and Domain Name System query floods against a single target.

Akamai believes Spike originated in Asia, because only Mandarin was used in the toolkits the company found.

To block Spike, a company can add infrastructure attack signatures to access control lists. For blocking attacks on the application layer, Akamai has released a SNORT signature.

SNORT is a widely used open source network intrusion detection and prevention system.

Akamai also suggests hardening systems against attacks by keeping patches up to date and following the guidance provided by several organizations, including the SANS Institute, Microsoft, the National Security Agency, the National Institute of Standards and Technology (NIST) and the Open Web Application Security Project (OWASP).

Akamai is also calling on the security research community, including vendors and government and private institutions, to launch a combined effort to clean up Spike-infected systems while the botnet is still young.

"Unless there are significant community cleanup efforts, this bot infestation is likely to spread," the company said in a threat advisory.


Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.